Why do we need this role? The purpose of this role is to:

o Deliver the Cybersecurity audits, assist in the identification of Risks and to test key controls related to Cybersecurity risks. o Support the planning, execution and reporting of a small simultaneous portfolio of Audit activity as set out in the Audit Charter and the annual Audit Plan. o Define and develop appropriate Cybersecurity audit capability within clients Internal Audit team and contribute to Audit’s Annual and Dynamic planning process. This role sits within Internal Audit (IA). IA is the Third line of defence in ensuring the effectiveness of the organisation’s controls in detecting, preventing and correcting risk. Key tasks; accountabilities and challenges of this role Key responsibilities and accountabilities for the role are as follows: · Behave in line with clients values. · Manage a team of three Direct Report and provide timely feedback and coaching to colleagues to promote a performance and development culture. · Lead and deliver a small portfolio of concurrent audits (2-3) within agreed resource and time budgets. · Plan and deliver audits covering but not limited to Security incident detection, Security incident response, Security monitoring, Threat intelligence, Protective technologies, etc. · Efficient verification of audit raised issues within internal SLA targets once the business indicate issues are complete, supported by quality workpapers. · Plan and project manage delivery of audits within agreed resource and time budgets. Contribute to Annual and Dynamic Planning as directed · Provide strategic guidance to audit team leads on scope and approach. Experience · Experience within Audit or Risk Management / Assurance. · Information security experience in any one of the areas including Security operations, Offensive security, Defensive security, Security architecture or Security engineering. · Experience working with Crowdstrike, Splunk, Qualys, Defender ATP, Proxy, Endpoint Detection & Response tools, SIEM and Mail Gateways. · Scripting language understanding is a must (Python, Bash, Powershell, etc.)

· Familiarity with the MITRE Attack framework. Understanding of security vulnerabilities, attacker exploit techniques, and methods for their remediation. · Experience with common security monitoring, log analysis and forensic tools. · Understanding of best practices in security engineering, including secure development, cryptography, network security, security operations, systems security, policy, and incident response. Essential capabilities · A deep understanding of Cybersecurity risks and controls. Subject matter expertise in at least one area of Security such as Defensive security, Offensive security, Security architecture or Security engineering. · Ability to build strong working relationships with internal and business stakeholders across different levels of the organisation · Flexible and comfortable working in an agile, fast and constantly changing environment. · Ability to understand key Technical controls and processes across the end to end value chain. · Proven expertise in people leadership. Qualification Requirements · Degree or tertiary education in technology or related field is required. · Industry recognised Security certifications such as CISSP, OSCP, GCFE, GCFA, GCIH, GNFA etc. are highly preferred